ISE 620 Final Project Guidelines and Rubric

Overview

The final project for this course is the creation of a security posture and response analysis report.
With the explosion of the internet, we are living in a world with no boundaries. Organizations rely on e-commerce as a huge portion of their business models. With a move to more internet-based commerce and banking, there has been an increase in security threats, network penetrations, and intrusions. Information systems have inherent weaknesses and can be vulnerable to attacks from internal users, external customers, and anyone intending on malicious activity. This is why security incident detection and response has become an integral component of information technology programs; businesses and organizations must be able to handle security incidents effectively and efficiently. To this end, your final project will provide you with the opportunity to report on the detection of and response to an information security incident of a potential client.

For the final project, imagine that you are a cybersecurity consultant working for Business Secure, a fictitious cybersecurity firm. Business Secure has been approached by Health Network Inc. (HealthNet), a fictitious health services organization. HealthNet would like Business Secure to develop a request for proposal (RFP) based on HealthNet’s security needs. To support the creation of this RFP, the practice director has gathered key details from HealthNet and has tasked you with conducting a review of these materials and formulating your opinions and preliminary recommendations within a security posture and response analysis report.

To develop this report, you will need to begin by conducting a comprehensive review and evaluation of the Project Plan Backgrounder document, which provides an overview of the company and details its cyber policies and procedures. With preliminary security assessments already completed and provided to you by the practice director, you will also review a Nessus scan and Snort report as well as HealthNet’s policies and procedures:

Some external regulatory research on HealthNet’s industry sector will also be needed for providing compliance and regulatory assessment analysis for the organization. Keep in mind that while your report will evaluate all of HealthNet’s policies and security measures, you will only select one corporate office to focus on for state legislation: California (HQ), Illinois, Nevada, Oregon, or Washington State. The larger RFP objective is to provide preliminary recommendations to HealthNet on notification and escalation improvements, stakeholder identification, and recovery and general remediation for the network. Review the provided Project Plan Backgrounder document for the expected final report design.

The project is divided into three milestones, which will be submitted at various points throughout the course to scaffold learning and to support a quality final submission. These milestones will be submitted in Modules One, Three, and Seven. The final submission is due in Module Nine.

In this assignment, you will demonstrate your mastery of the following course outcomes:

  • Assess the extent to which internal incident response policies and strategies are aligned with current information security best practices
  • Assess legislation, policies, and regulations that guide cybersecurity industry standards for their impact on security incident detection and response
  • Evaluate the effectiveness of vulnerability detection software tools in proactively monitoring and detecting security threats to organizations’ information systems
  • Determine key remediation and recovery mechanisms that organizations can use to restore availability of information services after security incidents based on security assessment results
  • Recommend strategies or methods for communicating security assessment results and responses effectively to stakeholders of organizations’ information systems

Prompt

You will begin your report by analyzing HealthNet’s incident detection and response policies and the legislation that applies to the organization and its security policies based on whichever state’s offices you have chosen to focus on. You must select a company office from California (HQ), Illinois, Nevada, Oregon, or Washington State.

Next, you will evaluate the effectiveness of the tools that you used in this course and how you could use them in a more in-depth assessment of network security vulnerabilities for this organization. For preliminary results already gathered regarding security vulnerabilities, you will interpret the results, discuss strategies for communicating this information to stakeholders of the network, and provide suggested remediation of the vulnerabilities themselves.

Specifically, the following critical elements must be addressed:

  1. Introduction: Briefly describe the organization and its information systems. Who are the stakeholders of the organization’s information systems, specifically the network in question?
  2. Security Policies: In this section, you will provide an assessment of the organization’s security policies and security controls that are in place for users. Specifically, you should do the following:
    1. Describe the security measures the organization has in place to reduce security vulnerabilities. These security measures could be, for example, hardware and software tools or policy, physical security, and environmental
    2. Assess the extent to which the organization’s response policy is aligned with industry-standard information security best practices. For example, are there any gaps between the existing policy and best practices that might impede the organization’s ability to respond to a network intrusion or security threat?
    3. How well aligned are the organization’s response mechanisms with industry-standard information security best practices? For example, are there any gaps between the response mechanisms and best practices that might make it difficult for the organization to respond to or recover from a security incident?
  3. Legislation: In this section, you will examine, based on the HealthNet office location you have selected, the impact of current federal and state legislation and industry regulations on the security posture of this organization. Specifically, you should do the following:
    1. Describe the regulations and policies that are used to guide the development of cybersecurity industry standards that apply to the
    2. Discuss legislation that has passed or is in process that could impact the security policy framework of the organization. The legislation could be state, federal, or
    3. What is the impact of the regulations, policies, and legislation on the organization’s incident detection and response security controls and policies? In other words, how do the applicable regulations, policies, and legislation affect the security posture of the organization?
  4. Importance of the Tools and Systems: In this section, you will evaluate the tools and systems you have used throughout the course to address how you would use them to detect network security vulnerabilities if a more in-depth security assessment of HealthNet were to be conducted. You will apply the knowledge and skills gained from using the tools during this course to the following:
    1. How would you use network intrusion detection software to detect a problem in the organization’s network? Examples of potential network intrusions that you could discuss include exploit attempts, port scans, and
    2. How would you use a network protocol analyzer to monitor this network for security threats? In your response, ensure that you address sniffing packets for usernames and
    3. Evaluate the effectiveness of the tools and systems that you would use to analyze the network or computing devices for known vulnerabilities. For instance, based on your experience with this tool/system during the course, were there any gaps or problems in how they would allow you to monitor or detect security threats for this organization?
  5. Analyzing Results: Correlate the known vulnerabilities in the Nessus scan with the Snort report. What does the information in the Snort report tell you? What problems can you identify at this stage? In other words, identify some of the nefarious activities from those highlighted in the report. You must address at least five of these activities to ensure you have comprehensively examined the crux of the vulnerabilities. (This is where you would begin to review the results of the preliminary vulnerability assessments already gathered by your practice director in the Nessus scan and Snort report. It appears that the attacker used Metasploit and Meterpreter. Note that for this scenario, the Nessus scan and the Snort Report have different addresses, but it is the same attacker. In this instance, you would consider that the destination IP in Snort [10.5.11.173] and the Nessus IP address [192.168.118.80] are the same for our )
  6. Needs and Recommendations: In this section, you will review the results of preliminary security assessments already gathered by your practice director (Snort report) to inform recommendations you will contribute toward Business Secure’s RFP for HealthNet. To do this, you will determine appropriate responses to the results of these preliminary vulnerability scans provided to you. Specifically, you should do the following:
    1. Recommend strategies or methods for communicating these results to stakeholders of the
    2. What do your results tell you specific to the needs of future security controls for this organization? For example, how can the results be used to mitigate security risks and vulnerabilities?
    3. Describe any new policies or policy updates that need to be created to ensure the confidentiality, integrity, and availability of the organization’s data. Your response should be based on the results of your network vulnerability scanning
    4. How will the future security controls and new or updated policies aid the organization in restoring availability of their network and other information services after a security incident?
    5. Suggest how these new security countermeasures can be communicated to stakeholders of the network and associated information system. In other words, what strategies or methods can you recommend to communicate the future security controls and new policies to stakeholders?

Milestones

Milestone One: Fact-Finding and State Selection Brief

In Module One, you will submit a fact-finding and state selection brief. Information on the company you will focus on (HealthNet) has been provided above. Review the information and then submit a brief that identifies the organization, its basic information systems, the stakeholders, and the network itself. Include your choice of one of the following states upon which to focus: California, Illinois, Nevada, Oregon, or Washington State. It is important to note that some states have cybersecurity legislation that impacts organizations. Selecting your state early in the course will help you focus on the key legislative aspects that will impact your analysis. This milestone will be graded with the Milestone One Rubric.

Milestone Two: Security and Legislation Brief

In Module Three, you will submit a security and legislation brief. This brief will include some of the critical elements from Sections II and III of the final project. You will discuss HealthNet’s security policies and controls, how well they represent best practices, and how regulations or policies (at the federal, state, and industry levels) affect the organization. This milestone will be graded with the Milestone Two Rubric.

Milestone Three: Tools and Results Brief

In Module Seven, you will submit a tools and results brief. This brief will include some of the critical elements from Sections IV, V, and VI of the final project. You will evaluate the tools you would use to detect network security vulnerabilities in a security assessment of the organization in the final project scenario. You will use the skills you have gained from the virtual labs and apply them to several security vulnerability questions. This milestone will be graded with the Milestone Three Rubric.

Final Submission: Security Posture and Response Analysis Report

In Module Nine, you will submit your security posture and response analysis report. It should be a complete, polished artifact containing all of the critical elements of the final project. It should reflect the incorporation of feedback gained throughout the course. This submission will be graded with the Final Project Rubric.

Deliverables

| Milestone | Deliverable | Module Due | Grading |
|---|---|---|---|
| One | Fact-Finding and State Selection Brief | One | Graded separately; Milestone One Rubric |
| Two | Security and Legislation Brief | Three | Graded separately; Milestone Two Rubric |
| Three | Tools and Results Brief | Seven | Graded separately; Milestone Three Rubric |
| | Final Submission: Security Posture and Response Analysis Report | Nine | Graded separately; Final Project Rubric |

 

Final Project Rubric

Guidelines for Submission: Your submission should be 8–10 pages in length and should use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA style.

 

Instructor Feedback: This activity uses an integrated rubric in Blackboard. Students can view instructor feedback in the Grade Center. For more information, review these instructions.

 

| Critical Elements | Exemplary (100%) | Proficient (90%) | Needs Improvement (70%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Introduction | Meets “Proficient” criteria, and description demonstrates nuanced understanding of organization’s information systems and stakeholders | Briefly describes organization and its information systems, including stakeholders of network | Describes organization and its information systems, including stakeholders of network, but description is wordy or unnecessarily detailed | Does not describe organization or its information systems | 6 |
| Security Policies: Security Measures | Meets “Proficient” criteria, and response demonstrates nuanced understanding of how security measures reduce security vulnerabilities | Describes security measures organization has in place to reduce security vulnerabilities | Describes security measures organization has in place to reduce security vulnerabilities, but response is cursory or inaccurate | Does not describe security measures organization has in place to reduce security vulnerabilities | 6 |
| Security Policies: Response Policy | Meets “Proficient” criteria, and response demonstrates keen insight into relationship between internal incident response policies and current information security best practices | Assesses extent to which organization’s response policy is aligned with industry-standard information security best practices | Assesses extent to which organization’s response policy is aligned with industry-standard information security best practices, but response is cursory or inaccurate | Does not assess extent to which organization’s response policy is aligned with industry-standard information security best practices | 6 |
| Security Policies: Response Mechanisms | Meets “Proficient” criteria, and response demonstrates keen insight into relationship between internal incident response mechanisms and current information security best practices | Assesses extent to which organization’s response mechanisms are aligned with industry-standard information security best practices | Assesses extent to which organization’s response mechanisms are aligned with industry-standard information security best practices, but response is cursory or inaccurate | Does not assess extent to which organization’s response mechanisms are aligned with industry-standard information security best practices | 6 |
| Legislation: Regulations and Policies | Meets “Proficient” criteria, and response demonstrates sophisticated understanding of how regulations and standards help create organizational security controls | Describes regulations and policies that are used to guide development of cybersecurity industry standards that apply to organization | Describes regulations and policies that are used to guide development of cybersecurity industry standards that apply to organization, but response is cursory or inaccurate | Does not describe regulations and policies that are used to guide development of cybersecurity industry standards that apply to organization | 6 |
| Legislation: Legislation | Meets “Proficient” criteria, and response demonstrates keen insight into how legislation impacts organizational security | Discusses legislation that has passed or is in process that could impact security policy framework of organization | Discusses legislation that has passed or is in process that could impact security policy framework of organization, but response is cursory or inaccurate | Does not discuss legislation that has passed or is in process that could impact security policy framework of organization | 6 |
| Legislation: Impact | Meets “Proficient” criteria, and response demonstrates keen insight into relationship between organizational security controls and legislation, policies, and regulations that guide cybersecurity standards | Assesses impact of regulations, policies, and legislation on organization’s incident detection and response security controls and policies | Assesses impact of regulations, policies, and legislation on organization’s incident detection and response security controls and policies, but response has gaps in detail or logic | Does not assess impact of regulations, policies, and legislation on organization’s incident detection and response security controls and policies | 6 |
| Importance of the Tools and Systems: Network Intrusion Detection Software | Meets “Proficient” criteria, and explanation demonstrates nuanced understanding of how vulnerability detection software tools can be used to mitigate security risks | Explains how network intrusion detection software would be used to detect problem in organization’s network | Explains how network intrusion detection software would be used to detect problem in organization’s network, but with gaps in detail or clarity | Does not explain how network intrusion detection software would be used to detect problem in organization’s network | 6 |
| Importance of the Tools and Systems: Network Protocol Analyzer | Meets “Proficient” criteria, and explanation demonstrates nuanced understanding of how vulnerability detection software tools can be used to mitigate security risks | Explains how network protocol analyzer would be used to monitor network for security threats, addressing sniffing packets for usernames and passwords in response | Explains how network protocol analyzer would be used to monitor network for security threats, addressing sniffing packets for usernames and passwords in response, but with gaps in detail or clarity | Does not explain how network protocol analyzer would be used to monitor network for security threats | 6 |
| Importance of the Tools and Systems: Effectiveness | Meets “Proficient” criteria, and response demonstrates keen insight into effectiveness of vulnerability detection software tools and systems | Evaluates effectiveness of the tools and systems that would be used to analyze the network or computing devices for known vulnerabilities | Evaluates effectiveness of the tools and systems that would be used to analyze the network or computing devices for known vulnerabilities, but response is cursory or inaccurate | Does not evaluate effectiveness of the tools and systems that would be used to analyze the network or computing devices for known vulnerabilities | 6 |
| Analyzing Results: Vulnerabilities | Meets “Proficient” criteria, and description demonstrates an especially nuanced understanding of vulnerabilities from security assessment results | Describes at least five vulnerabilities from security tools assessment | Describes vulnerabilities from security tools assessment, but with gaps in detail or logic | Does not describe at least five vulnerabilities from security tools assessment | 4.5 |
| Needs and Recommendations: Communicating | Meets “Proficient” criteria, and response demonstrates sophisticated insight into strategies and methods for communicating security assessment results | Recommends appropriate strategies or methods for communicating results to network’s stakeholders | Recommends strategies or methods for communicating results to network’s stakeholders, but with gaps in appropriateness | Does not recommend strategies or methods for communicating results to network’s stakeholders | 6 |
| Needs and Recommendations: Security Controls | Meets “Proficient” criteria, and response demonstrates keen insight into relationship between security assessment results and key remediation and recovery mechanisms | Determines how results of network assessments will affect organization’s future security controls | Determines how results of network assessments will affect organization’s future security controls, but with gaps in detail or logic | Does not determine how results of network assessments will affect organization’s future security controls | 4.5 |
| Needs and Recommendations: New Policies | Meets “Proficient” criteria, and response demonstrates keen insight into relationship between security assessment results and key remediation and recovery mechanisms | Describes new policies or policy updates that need to be created to ensure the confidentiality, integrity, and availability of the organization’s data, based on results of network vulnerability scanning tools | Describes new policies or policy updates that need to be created to ensure the confidentiality, integrity, and availability of the organization’s data, but with gaps in detail or logic | Does not describe new policies or policy updates that need to be created to ensure the confidentiality, integrity, and availability of the organization’s data | 4.5 |
| Needs and Recommendations: Restoring Availability | Meets “Proficient” criteria, and explanation demonstrates nuanced understanding of how remediation and recovery mechanisms can be used to restore availability of information services | Explains how future security controls and new or updated policies will aid organization in restoring availability of network and other information services after a security incident | Explains how future security controls and new or updated policies will aid organization in restoring availability of network and other information services after a security incident, but with gaps in detail or logic | Does not explain how future security controls and new or updated policies will aid organization in restoring availability of network and other information services after a security incident | 4.5 |
| Needs and Recommendations: Countermeasures | Meets “Proficient” criteria, and response demonstrates sophisticated insight into strategies and methods for communicating security assessment responses | Determines how new security countermeasures can be communicated to stakeholders of network and associated information system | Determines how new security countermeasures can be communicated to stakeholders of network and associated information system, but with gaps in detail or logic | Does not determine how new security countermeasures can be communicated to stakeholders of network and associated information system | 6 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy to read format | Submission has no major errors related to citations, grammar, spelling, syntax, or organization | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas | 10 |
| Total | | | | | 100% |
